PT-2019-14498 · Airbrake · Airbrake Ruby Notifier

Nbdavies · Published 2019-09-06 · Updated 2020-08-24 · CVE-2019-16060

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Airbrake Ruby notifier version 4.2.3
Description: The Airbrake Ruby notifier mishandles the blacklist keys configuration option, which may lead to the disclosure of passwords to unauthorized actors.
Recommendations: For Airbrake Ruby notifier version 4.2.3, update to version 4.2.4 to resolve the issue.

Exploit

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2019-16060
GHSA-2P82-V77V-MPPR

Affected Products

Airbrake Ruby Notifier